leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

slub: avoid potential NULL dereference or corruption

Browse Source 
show_slab_objects() can trigger NULL dereferences or memory corruption.

Another cpu can change its c->page to NULL or c->node to NUMA_NO_NODE
while we use them.

Use ACCESS_ONCE(c->page) and ACCESS_ONCE(c->node) to make sure this
cannot happen.

Acked-by: Christoph Lameter <cl@linux.com>
Acked-by: David Rientjes <rientjes@google.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Pekka Enberg <penberg@kernel.org>
This commit is contained in:
Eric Dumazet 2011-11-22 16:02:02 +01:00 committed by Pekka Enberg
parent 42d623a8cd
commit bc6697d8a5
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
mm/slub.c
View File

@ -4444,30 +4444,31 @@ static ssize_t show_slab_objects(struct kmem_cache *s,
for_each_possible_cpu(cpu) { for_each_possible_cpu(cpu) {
struct kmem_cache_cpu *c = per_cpu_ptr(s->cpu_slab, cpu); struct kmem_cache_cpu *c = per_cpu_ptr(s->cpu_slab, cpu);
int node = ACCESS_ONCE(c->node);
struct page *page; struct page *page;
if (!c || c->node < 0) if (node < 0)
continue; continue;
page = ACCESS_ONCE(c->page);
if (c->page) { if (page) {
if (flags & SO_TOTAL) if (flags & SO_TOTAL)
x = c->page->objects; x = page->objects;
else if (flags & SO_OBJECTS) else if (flags & SO_OBJECTS)
x = c->page->inuse; x = page->inuse;
else else
x = 1; x = 1;
total += x; total += x;
nodes[c->node] += x; nodes[node] += x;
} }
page = c->partial; page = c->partial;
if (page) { if (page) {
x = page->pobjects; x = page->pobjects;
total += x; total += x;
nodes[c->node] += x; nodes[node] += x;
} }
per_cpu[c->node]++; per_cpu[node]++;
} }
} }